Method for establishing secure associations within a communication network

ABSTRACT

A method for security authentication within a wireless network is disclosed. A method within an adhoc mesh network for two devices to quickly determine roles (i.e. which is the authenticator and which is the supplicant) while establishing a security association is provided for. The invention further provides for the inclusion of cached key information in the role negotiation process and the application of role negotiation to a shortened three-way handshake.

FIELD OF THE INVENTION

The present invention relates generally to wireless communications andmore particularly to establishing secure associations between devicesoperating within a communication network.

BACKGROUND

An infrastructure-based wireless network typically includes acommunication network with fixed and wired gateways. Manyinfrastructure-based wireless networks employ a mobile unit or hostwhich communicates with a fixed base station that is coupled to a wirednetwork. The mobile unit can move geographically while it iscommunicating over a wireless link to the base station. When the mobileunit moves out of range of one base station, it may connect or“handover” to a new base station and starts communicating with the wirednetwork through the new base station.

In comparison to infrastructure-based wireless networks, such ascellular networks or satellite networks, ad hoc networks areself-forming networks which can operate in the absence of any fixedinfrastructure, and in some cases the ad hoc network is formed entirelyof mobile nodes. An ad hoc network typically includes a number ofgeographically-distributed, potentially mobile units, sometimes referredto as “nodes,” which are wirelessly connected to each other by one ormore links (e.g., radio frequency communication channels). The nodes cancommunicate with each other over a wireless media without the support ofan infrastructure-based or wired network.

A wireless mesh network is a collection of wireless nodes or devicesorganized in a decentralized manner to provide range extension byallowing nodes to be reached across multiple hops. In a multi-hopnetwork, communication packets sent by a source node can be relayedthrough one or more intermediary nodes before reaching a destinationnode. A large network can be realized using intelligent access points(IAP) which provide wireless nodes with access to a wired backhaul.

Wireless ad hoc networks can include both routable (meshed) nodes andnon-routable (non-meshed) nodes. Meshed or “routable” nodes are deviceswhich may follow a standard wireless protocol such as Institute ofElectrical and Electronics Engineers (IEEE) 802.11s or 802.16j. Thesedevices are responsible for forwarding packets to/from the proxy deviceswhich are associated with them. Non-meshed or “non-routable” nodes aredevices following a standard wireless protocol such as IEEE 802.11a, b,e, g or IEEE 802.15 but not participating in any kind of routing. Thesedevices are “proxied” by meshed devices which establish routes for them.

As wireless communications networks become more prevalent, securitycontinues to be a major concern to both communication network providersand end users. This is most evident when using a mobile wireless networkwhere the security environment can offer the greatest challenges sincedata may be readily received and manipulated by many nodes. The radiolinks used in a wireless network expose the signaling and datatraversing the network to eavesdroppers and/or would-be hackers. In amulti-hop wireless network, this requires each link in the mesheddevices to have a unique security association established through themulti-hop authentication and key management process. Then, the airframes on the link can be protected with the established securityassociations.

Today's security solutions typically establish a security associationbetween an authentication server and a node joining the network.Unfortunately, it can take ten seconds for the node to completeauthentication with an authentication server. When a node joins an adhoc network and establishes a secure link with one of its neighbors, itis advantageous to provide an accelerated security mechanism enablingsecure links between the node and other neighboring nodes that are alsomembers of the network quickly.

BRIEF DESCRIPTION OF THE FIGURES

The accompanying figures, where like reference numerals refer toidentical or functionally similar elements throughout the separate viewsand which together with the detailed description below are incorporatedin and form part of the specification, serve to further illustratevarious embodiments and to explain various principles and advantages allin accordance with the present invention.

FIG. 1 is an example communication network for implementation of someembodiments of the present invention.

FIG. 2 illustrates a message flow diagram in accordance with someembodiments of the present invention.

FIG. 3 illustrates more detail of the message flow diagram of FIG. 2 inaccordance with some embodiments of the present invention.

FIGS. 4, 5, and 6 are flowcharts illustrating example operations of amesh point within the network of FIG. 1 in accordance with someembodiments of the present invention.

Skilled artisans will appreciate that elements in the figures areillustrated for simplicity and clarity and have not necessarily beendrawn to scale. For example, the dimensions of some of the elements inthe figures may be exaggerated relative to other elements to help toimprove understanding of embodiments of the present invention.

DETAILED DESCRIPTION

Before describing in detail embodiments that are in accordance with thepresent invention, it should be observed that the embodiments resideprimarily in combinations of method steps and apparatus componentsrelated to establishing secure associations within an adhoc wirelessnetwork. Accordingly, the apparatus components and method steps havebeen represented where appropriate by conventional symbols in thedrawings, showing only those specific details that are pertinent tounderstanding the embodiments of the present invention so as not toobscure the disclosure with details that will be readily apparent tothose of ordinary skill in the art having the benefit of the descriptionherein.

In this document, relational terms such as first and second, top andbottom, and the like may be used solely to distinguish one entity oraction from another entity or action without necessarily requiring orimplying any actual such relationship or order between such entities oractions. The terms “comprises,” “comprising,” or any other variationthereof, are intended to cover a non-exclusive inclusion, such that aprocess, method, article, or apparatus that comprises a list of elementsdoes not include only those elements but may include other elements notexpressly listed or inherent to such process, method, article, orapparatus. An element proceeded by “comprises . . . a” does not, withoutmore constraints, preclude the existence of additional identicalelements in the process, method, article, or apparatus that comprisesthe element.

It will be appreciated that embodiments of the invention describedherein may be comprised of one or more conventional processors andunique stored program instructions that control the one or moreprocessors to implement, in conjunction with certain non-processorcircuits, some, most, or all of the functions of establishing secureassociations within an adhoc wireless network described herein. Thenon-processor circuits may include, but are not limited to, a radioreceiver, a radio transmitter, signal drivers, clock circuits, powersource circuits, and user input devices. As such, these functions may beinterpreted as steps of a method to perform establishing secureassociations within an adhoc wireless network. Alternatively, some orall functions could be implemented by a state machine that has no storedprogram instructions, or in one or more application specific integratedcircuits (ASICs), in which each function or some combinations of certainof the functions are implemented as custom logic. Of course, acombination of the two approaches could be used. Thus, methods and meansfor these functions have been described herein. Further, it is expectedthat one of ordinary skill, notwithstanding possibly significant effortand many design choices motivated by, for example, available time,current technology, and economic considerations, when guided by theconcepts and principles disclosed herein will be readily capable ofgenerating such software instructions and programs and ICs with minimalexperimentation.

Within ad hoc networks it is desirable, and many times necessary, toestablish at least one, and in many cases several, peer links with oneor more peer mesh point (MP). MPs will not transmit data frames ormanagement frames other than the ones used for link establishment untilthe peer link has been established successfully. The MP drops suchframes from a peer MP if it considers the link is not established.

A MP must be able to establish at least one mesh link with a peer MP,and may be able to establish many such links simultaneously. It ispossible that there are more candidate peer MPs than the device iscapable of maintaining peer links with simultaneously. In this case, theMP selects which MPs to establish peer links with based on some measureof signal quality or other information received from candidate neighborMPs.

The MP starts the peer link establishment protocol, for example, incases such as the two following scenarios. In each of these scenarios,the MP is issued a command by the IEEE 802.11 station management entity(SME). In a first scenario, the MP has not reached the maximum number ofneighbors and is willing to accept new connections. In this scenario, aPassive Open command causes the MP to start a link establishmentprotocol instance and listen to incoming connection requests. In anexemplary embodiment of the invention, the Passive Open command is aMLME-PassivePeerLinkOpen( ).request primitive. In a second scenario, theMP agrees with the profile carried in a beacon or a probe response froma peer MP and it has not reached the maximum number of neighbors. AnActive Open command is issued that causes the MP to initiate a linkestablishment protocol instance with the peer MP identified as peerIdand actively send a connection request to this peer MP. In an exemplaryembodiment of the invention, the Active Open command is aMLME-ActivePeerLinkOpen(peerId).request primitive.

The MP can also end the protocol instance, for example, as in threefollowing scenarios. In a first scenario, the MP encounters failureduring the peer link establishment procedure. As a result, the MP sendsa connection close request. In a second case, the MP receives aconnection close request from the peer MP. In a third case, theconnection is closed because the MP receives a peer link cancel signal.The 802.11 SME can issue a Peer Link Cancel command. In an exemplaryembodiment of the invention, the Peer Link Cancel command is aMLME-CancelPeerLink( ).request primitive. This signal can be triggeredby some internal event. For instance, the MP discovers the datatransmission failure.

The present invention provides an efficient means of establishing a peerlink between two members of an adhoc wireless network via a peer linkestablishment handshake while simultaneously establishing a securityassociation between the two. The objective is to define a handshakeusing the fewest number of messages possible while providing mutualauthentication, securely transporting and deriving session keys, andensuring predictable role negotiation.

The present invention provides a method of performing a joint securityassociation and peer link establishment handshake in an efficient meshsecurity association (EMSA) architecture. The method requires threemessages, namely one peer link open, one peer link setup, and one peerlink response, in the case that one of the two mesh points initiates thehandshake, or four messages, namely two peer link open and two peer linkconfirms, in the event that a simultaneous open occurs. The methodincludes built-in support for security suite negotiation and an 802.1Xrole determination procedure, which provides improved support for cachedkeys, even in the event both parties cannot retrieve keys from an EMSAmesh key distributor (MKD).

FIG. 1 illustrates an ad hoc wireless network 100 in accordance withsome embodiments of the present invention. The ad hoc wireless network100, for example, can be a mesh enabled architecture (MEA) network or an802.11 network (i.e. 802.11a, 802.11b, 802.11g, or 802.11s). It will beappreciated by those of ordinary skill in the art that the communicationnetwork 100 in accordance with the present invention can alternativelycomprise any packetized communication network where packets areforwarded across multiple wireless hops. For example, the ad hocwireless network 100 can be a network utilizing packet data protocolssuch as OFDMA (orthogonal frequency division multiple access), TDMA(time division multiple access), GPRS (General Packet Radio Service) andEGPRS (Enhanced GPRS). Additionally, each wireless hop of the packetizedcommunication network 100 may either employ the same packet dataprotocol as the other hops, or a unique packet data protocol per hop.

As illustrated in FIG. 1, the communication network 100 includes aplurality of mesh points 102-1 through 102-n (referred to also as nodes102 or mobile nodes 102 or communication devices 102), and can, but isnot required to, include a fixed network 104 having a plurality ofintelligent access points (IAP) 106-1, 106-2, . . . 106-n (referred togenerally as nodes 106 or access points 106), for providing mesh points102 with access to the fixed network 104. The fixed network 104 caninclude, for example, a core local access network (LAN), and a pluralityof servers and gateway routers to provide network nodes with access toother networks, such as other ad-hoc networks, a public switchedtelephone network (PSTN) and the Internet. The communication network 100further can include a plurality of fixed or mobile routers 107-1 through107-n (referred to generally as routers 107 or nodes 107 orcommunication devices 107) for routing data packets between other nodes102, 106 or 107. It is noted that for purposes of this discussion, thenodes discussed above can be collectively referred to as “nodes 102, 106and 107”, or simply “nodes” or alternatively as “communication devices.”

As can be appreciated by one skilled in the art, the nodes 102, 106 and107 are capable of communicating with each other directly or indirectly.When communicating indirectly, one or more other nodes 102, 106 or 107,can operate as a router or routers for forwarding or relaying packetsbeing sent between nodes.

Efficient mesh security association services are used to establish linksecurity between two Mesh Points (MPs) 102 in a wireless mesh network100. EMSA services are provided through the use of a mesh key hierarchy,a hierarchy of derived keys that is established through the use of aPre-Shared Key (PSK) or when a MP performs IEEE 802.1X authenticationusing an extensible authentication protocol (EAP) authentication method.

The present invention includes an authentication mechanism supportingthe efficient establishment of security associations between MPs. Thismechanism can operate in either mesh supplicant or mesh authenticatorroles, depending upon the capabilities and preferences of the MP and thecapabilities and preferences of its neighbors. A mesh authenticator is amesh point that provides authentication before allowing another meshpoint to gain access to the network. In an exemplary embodiment of thepresent invention, the mesh authenticator is an 802.1X authenticator. Amesh supplicant is a mesh point that requests access to the network. Itdoes this by associating with, and then authenticating itself to, anauthenticator. In an exemplary embodiment of the present invention, themesh supplicant is an 802.1X supplicant.

When operating in the mesh authenticator role, a mesh point can allowsupplicant mesh points to join a mesh and establish securityassociations with itself and other members of the network. During anEMSA handshake, one MP will play the role of 802.1X Supplicant, and theother will play the role of 802.1X Authenticator. The present inventionfurther includes a 802.1X role determination procedure for determiningduring an EMSA handshake which roles are assigned to each MP. Thisprocedure ensures that the role of mesh authenticator and meshsupplicant are uniquely assigned to a single MP prior to the completionof the EMSA handshake.

FIG. 2 illustrates a message flow diagram 200 in accordance with someembodiments of the present invention. Specifically, FIG. 2 illustratespeer link establishment using the abbreviated EMSA handshake between twomesh points 102-1, 102-2 within the network 100. A MP that initiates theabbreviated EMSA handshake sends a peer link open message 205 containinga Mesh Security Association information element (MSAIE), a Mesh SecurityCapability information element (MSCIE) and a robust security networkinformation element (RSNIE), where the RSNIE contains a Pairwise MasterKey identification (PMKID) list. The PMKID list contains one or twoentries that identify the shared Mesh Authenticator Pairwise Master Key(PMK-MA) or Keys available to secure the peer link. The Peer Link Openmessage requests that a link be established between the Peer Link Opensender and the receiver. In the abbreviated EMSA handshake including thepeer link setup message 210 and peer link response message 215 of thepresent invention, the determination of roles depends on the informationexchanged in the peer link open message(s) 205. The Abbreviated EMSAhandshake allows a MP to establish a Pairwise transient key (PTK) with amesh authenticator, by utilizing the mesh key hierarchy it establishedduring Initial EMSA Authentication.

FIG. 3 illustrates more detail of the operation of mesh points 102-1 and102-2 during a peer link establishment 300. As illustrated, theoperation begins with block 305 in which mesh point 102-1 determinesthat a peer link should be set up. It may occur after receiving abeacon, for example. At this point an Active Open command is issued toinitiate peer link setup. Next, in block 310, mesh point 102-1 selects anonce and cipher suite and identifies available master keys. Morespecifically, in block 310, Upon receiving an Active Open, the MP 102-1:(a) Selects a nonce (Local Nonce field of MSAIE); (b) Selects 1 pairwiseciphersuite from what the peer supports (MSAIE); (c) Determines if thelocal Mesh Authenticator (MA) function has a cached Mesh AuthenticatorPMK (PMK-MA) created by peer; and if so, inserts Mesh Key DistributorPMK (PMK-MKD) Name identifying a key that the cached PMK-MA is derivedfrom into the RSNIE (PMKID List); (d) inserts the PMK-MKDNameidentifying a key created by this MP during Initial EMSA Authenticationinto the RSNIE (PMKID List) (Note: the PMKID list has either 1 or 2entries.); and (e) constructs a peer link open message containing:MSCIE, MSAIE, & RSNIE. Mesh point 102-1 then sends a peer link openmessage 205 to mesh point 102-2.

Next, in block 315, mesh point 102-2, upon receiving the peer link openmessage 205: (a) examines RSNIE and MSCIE, and determines if it wants toset up a link with the peer 102-1; if not, mesh point 102-2 sends a peerlink close message (not shown); (b) does a 802.1X role determinationprocedure (to be described hereinafter), this determines the PMK-MA tobe used; (c) retrieves the PMK-MA if necessary and if acting in 802.1Xauthenticator role; and (d) selects a nonce and computes the PTK.

Next, in block 320, mesh point 102-2 identifies the key used. After802.1X role determination and computing the PTK, the mesh point 102-2:(a) constructs its RSNIE including the PMK-MAName in the PMKID listfield; (b) constructs the MSAIE containing: both nonces, the identifierof the 802.1X authenticator, the suite selection (supplicant chooses)(note: if supplicant, it makes choice based on peer's capability; ifauthenticator, it echoes peer's choice from peer link open message), theencrypted group temporal key (GTK), the PMK-MKDName identifying PMK-MKDthat the PMK-MA is derived from, and the message integrity code (MIC)over several information elements (IEs). Mesh Point 102-2 sends a peerlink setup message 210 containing: MSCIE, RSNIE, and MSAIE to mesh point102-1. The peer link setup message 210 is protected using the MIC.

Next, in block 325, when mesh point 102-1 receives the peer link setupmessage 210, mesh point 102-1 verifies the 802.1X role using the 802.1Xrole determination procedure, computes the PTK, and verifies the MIC andmessage contents. Upon receiving the peer link setup message 210, meshpoint 102-1: (a) if 802.1X authenticator and if necessary, retrieves thePMK-MA using the included PMK-MKDName; (b) computes the PTK using noncesand the PMK-MA; (c) verifies the MIC; (d) verifies the cipher suiteselection is supported and was selected by the 802.1X supplicant; and(f) decrypts the GTK. If any components are not verified, then meshpoint 102-1 sends a peer link close message (not shown). The Peer LinkClose message tries to close the connection between the two MPs.

Otherwise, next, in block 330, mesh point 102-1 constructs and sendsback a peer link response message 215 similar to the peer link setupmessage 210 and opens a port for communication with mesh point 102-2.Specifically, after verifying the peer link setup message 210, meshpoint 102-1: (a) constructs its RSNIE including the PMK-MAName in thePMKID list field; (b) constructs the MSAIE containing: both nonces, theidentifier of the 802.1X authenticator, the supplicant's cipher suiteselection, the encrypted GTK, the PMK-MKDName identifying the PMK-MKDthat the PMK-MA is derived from, and the MIC over several IEs. Meshpoint 102-1 sends a peer link response 215 containing: MSCIE, RSNIE, andMSAIE. Mesh point 102-1 also installs PTK and GTK. Mesh point 102-1 thenopens an 802.1X port for communication with peer mesh point 102-2.

To complete the establishment, in block 335, upon receiving the peerlink response 215, mesh point 102-2 verifies the MIC, verifies the RSNIEand the MSCIE match those previously received (in the peer link openmessage 205), verifies the cipher/authentication and key management(AKM) suite selections are supported and are those selected by 802.1Xsupplicant, and decrypts the GTK. If any components are not verified,mesh point 102-2 sends a peer link close message (not shown). Mesh point102-2 then installs PTK and GTK. Mesh point 102-2 then opens a 802.1Xport for communication with peer 102-1. In one embodiment (not shown),mesh point 102-2 may send an additional peer link acknowledge message tomesh point 102-1 upon receiving a peer link response message 215 andverifying the contents. One of ordinary skill in the art recognizes thatthe presence or absence of such an acknowledgement message does notalter the scope of the present invention.

The handshake process described with respect to FIGS. 2 and 3 provides aunique 802.1X role determination procedure. The handshake permits use ofcached keys in all scenarios. The handshake utilizes EMSA derived keyhierarchy being in place. The handshake provides flexible protocolstartup options.

FIG. 4 is a flowchart illustrating an example operation of a mesh point102 in accordance with some embodiments of the present invention.Specifically, FIG. 4 illustrates an active open scenario 400 in which amesh point 102 sends a peer link open message to actively establish alink with a peer.

As illustrated in FIG. 4, the operation 400 begins with Step 405 with anActive Open command for neighbor A. Next, in Step 410, the mesh pointsends a peer link open message containing MSAIE and RSNIE to neighbor A.Next, in Step 415, the mesh point waits to receive a message fromneighbor A. In one embodiment (not shown) a timeout process is includedto ensure the robustness of the process. After the MP has sent a PeerLink Open message, but has not received a corresponding Peer Link Setupmessage, a timer, MessageTimer, is set. If the MP has not received thePeer Link Setup when the timer expires, the MP sends a Peer Link Closemessage to close the link. (not shown)

The neighbor MP may reject the Peer Link Close message if it carries amismatched instance identifier. The received instance identifier isconsidered a mismatch in three cases. In case one, the MP does not havea record of instance identifier for the peer MP yet. In case two, themessage carries the random value in the Local Link ID field, but it doesnot match the PeerLinkID recorded locally. In case three, the value inthe Peer Link ID field (if it is not null) does not match the localrecord of LocalLinkID. In the rest of the cases, the instance identifieris considered a match, and the MP accepts the message. Doing so, the MPrecords the link ID from the peer MP.

Next, in Step 420, the mesh point determines whether a received messageis a peer link open message. When the message is a peer link openmessage, the operation continues with Step 425 in which the mesh pointprocesses the message including verifying the message contents. In oneembodiment, the mesh point also does 802.1X role determination. In someembodiments, the MP rejects the Peer Link Open message if it carries amismatched instance identifier or the configuration parameters in thereceived message are not acceptable by the MP. The instance identifiercarried in the Peer Link Open contains only the link ID provided by thepeer. It is considered a mismatch when the MP has the local record ofthe PeerLinkID and it does not match the received value in the LocalLink ID field. Besides the instance identifier, the Peer Link Openmessage contains configuration parameters. The MP can reject the messageif these parameters do not match the local configuration and policy. Inother embodiments, the MP accepts the message and records the receivedconfigurations that are useful for operations once the link has beenestablished. The mesh point can also store the received value in theLocal Link ID field as PeerLinkID if the mesh point does not have arecord yet.

Next, in Step 430, the mesh point derives PTK. Next, in Step 435, themesh point sends a peer link confirm message protected using the PTK.Next, in Step 440, the mesh point waits for a peer link confirm messagefrom Neighbor A (i.e. peer). In one embodiment (not shown) a timeoutprocess is included. After the MP has sent a Peer Link Confirm message,but has not received a corresponding Peer Link Confirm message, a timer,MessageTimer, is set. If the MP has not received the Peer Link Confirmwhen the timer expires, the MP shall send a Peer Link Close message toclose the link. (not shown)

Next, in Step 445, the mesh point determines whether the MIC andcontents of the peer link confirm message are valid. If not, theoperation cycles back to Step 440. The MP may reject the Peer LinkConfirm message if it carries a mismatched instance identifier or theconfiguration parameters in the received message are not acceptable bythe MP. It is considered a mismatch of the instance identifier if thevalue in the Peer Link ID field of the received message does not matchthe locally recorded LocalLinkID, or the value in the Local Link IDfield of the received message does not match the locally recordedPeerLinkID (if the MP has a local record of PeerLinkID). Besides theinstance identifier, the Peer Link Confirm message containsconfiguration parameters as well. The MP may reject the message if thereceived parameters do not match the local configuration and policy, orif they are not consistent with the parameters received in an earliermessage.

If the MIC and contents are valid, the operation continues to Step 450in which the mesh point installs PTK and GTK; and opens a port forcommunication with neighbor A. The operation then ends.

Returning to Step 420, when the message is not a peer link open message,the operation continues to Step 455 in which the mesh point determineswhether the message is a peer link setup message. If the message is nota peer link setup message, the operation cycles back to Step 415. If themessage is a peer link setup message, the operation continues to Step460 in which the mesh point derives PTK if needed. Next, in Step 465,the mesh point determines if the MIC and contents of the peer link setupmessage are valid. If not valid, the operation cycles back to Step 415.If valid, the operation continues to Step 470 in which the mesh pointsends a peer link response message protected by the PTK. Next, in Step450, the mesh point installs PTK and GTK and opens a port forcommunication with neighbor A. The operation then ends.

FIG. 5 is a flowchart illustrating an example operation of a mesh point102 in accordance with some embodiments of the present invention.Specifically, FIG. 5 illustrates a passive open scenario 500 in which amesh point 102 listens for a peer link open message, and responds inorder to set up a link.

As illustrated in FIG. 5, the operation 500 begins with Step 505 inwhich the mesh point receives a peer link open message from neighbor A.Next, in Step 510, the mesh point processes the peer link open messageincluding verifying its contents. In some embodiments, the mesh pointalso does 802.1X role determination. Next, in Step 515, the mesh pointselects a local nonce and derives PTK. Next, in Step 520, the mesh pointsends a peer link setup message protected using the PTK. Next, in Step525, the mesh point waits for a peer link response message from neighborA (i.e. peer). In one embodiment (not shown) a timeout process isincluded to ensure the robustness of the process. After the MP has senta Peer Link Setup message, but has not received a corresponding PeerLink Response message, a timer, MessageTimer, is set. If the MP has notreceived the Peer Link Response when the timer expires, the MP shallsend a Peer Link Close message to close the link. (not shown)

Next, in Step 530, the mesh point verifies the MIC and other messagecontents of a received peer link response message. Next, in Step 535, itis determined whether or not the contents were verified. When thecontents are not verified, the operation cycles back to Step 525. Whenthe contents are verified, the operation continues to Step 540 in whichthe mesh point installs PTK and GTK and opens a port for communicationwith neighbor A. The operation then ends.

In accordance with some embodiments of the present invention, in theoperations of FIGS. 4 and 5, when the message processing encounters anyerror or the MP makes the local decision to close the link, the MP sendsa Peer Link Close message to close the link. The MP waits for some timeto close the link completely. This graceful time period can be governedby a timer—CancelTimer. Before the CancelTimer expires, the MP continuesto respond to any additional Peer Link Open message from the peer MP bysending back the Peer Link Close message. When the CancelTimer expires,the MP eventually closes the link by releasing the local resourceallocated for the link instance. This mechanism allows the process torecover from failure quickly.

FIG. 6 is a flowchart illustrating an example operation 600 of a meshpoint 102 in accordance with some embodiments of the present invention.Specifically, FIG. 6 illustrates an 802.1X role determination procedure600 within a mesh point in accordance with some embodiments of thepresent invention. The operation 600 of FIG. 6 can be included, forexample, as further detail of Steps 315 and 325 of FIG. 3, Step 425 ofFIG. 4, and Step 510 of FIG. 5 as described previously herein. 802.1Xrole determination assigns the roles of 802.1X authenticator and 802.1Xsupplicant to the MPs based on the presence of cached keys and theconfiguration of the MPs. It also determines the PMK-MA to be used tosecure the link.

As illustrated in FIG. 6, the operation 600 begins with Step 605 inwhich the mesh point determines whether at least one mesh point can be amesh authenticator (MA) (i.e. a mesh authenticator bit is set). If nomesh point can be a mesh authenticator, the operation continues to Step610 in which the mesh point sends a peer link close message. Theoperation then ends.

When at least one mesh authenticator is identified in step 605, theoperation continues to Step 615 in which the mesh point determineswhether the local PMKID is valid. To determine if the local PMKID isvalid, the mesh point examines the PMKID List received from a peer MP ina peer link open message. If the PMKID List contains two entries, and anentry corresponds to a PMK-MA that was created by the mesh point duringInitial EMSA Authentication, then the local PMKID is valid. When thelocal PMKID is not valid, or when the PMKID List received from a peer MPcontains only a single entry, the operation continues to Step 620 inwhich the mesh point determines whether a cached peer key exists. Todetermine if a cached peer key exists, the mesh point examines the PMKIDList received from a peer MP in a peer link open message. If the entrythat corresponds to a PMK-MA that was created by the peer MP during itsInitial EMSA Authentication identifies a key that is locally cached atthe mesh point, then the cached peer key exists. When a cached peer keyexists, the operation continues to Step 625 in which the processing meshpoint is identified as the 802.1X authenticator. The operation thenends.

Returning to Step 615, when the local PMKID is valid, the operationcontinues to Step 630 in which the mesh point determines whether acached peer key exists. When no cached peer key exists, the operationcontinues to Step 635 in which the peer MP is identified as the 802.1Xauthenticator. The operation then ends.

Returning to Step 620, when no cached peer key exists, the operationcontinues to Step 640 in which the mesh point determines whether thepeer is connected to a MKD. When the peer is connected to the MKD, theoperation continues to Step 645 in which the mesh point determineswhether it is connected to the MKD. When the mesh point is alsoconnected to the MKD, the operation continues to Step 650 in which themesh point compares the peer Media Access Control (MAC) to its localMAC. When the peer MAC is less than the local MAC, the operationcontinues with Step 655 in which the processing mesh point is identifiedas the 802.1X authenticator. Alternatively, when the peer MAC is greaterthan the local MAC, the operation continues with Step 660 in which thepeer mesh point is identified as the 802.1X authenticator. After bothSteps 655 and 660, the operation ends.

Returning to Step 645, when the processing mesh point is not connectedto the MKD, the operation continues to Step 665 in which the peer meshpoint is identified as the 802.1X authenticator. The operation thenends.

Returning to Step 640, when the peer is not connected to the MKD, theoperation continues to Step 670 in which it is determined whether theprocessing mesh point is connected to the MKD. When the processing meshpoint is connected to the MKD, the operation continues to Step 680 inwhich the processing mesh point is identified as the 802.1Xauthenticator. The operation then ends.

When, in Step 670, the processing mesh point is not connected to theMKD, the operation continues to Step 610 in which the mesh point sends apeer link close message. The operation then ends.

The present invention as described herein provides a method within anadhoc mesh network for two devices to quickly determine roles (i.e.which is the authenticator and which is the supplicant) whileestablishing a security association. The invention provides for theinclusion of cached key information in the role determination processand the application of role determination to a shortened three-wayhandshake.

In the foregoing specification, specific embodiments of the presentinvention have been described. However, one of ordinary skill in the artappreciates that various modifications and changes can be made withoutdeparting from the scope of the present invention. Accordingly, thespecification and figures are to be regarded in an illustrative ratherthan a restrictive sense, and all such modifications are intended to beincluded within the scope of present invention.

1. A method of operation of a mesh point for establishing secureassociations within a communication network comprising: sending a peerlink open message to a neighbor node; receiving a response message fromthe neighbor node in response to the peer link open message; processingthe response message using a first operation when the response messageis a peer link open message; processing the response message using asecond operation when the response message is a peer link setup message;installing a pairwise transient key (PTK) and an encrypted grouptemporal key (GTK) as a result of either the first operation or thesecond operation; and opening a port for communication with the neighbornode.
 2. A method as claimed in claim 1, wherein the peer link openmessage includes a mesh security association information element (MSAIE)and a robust security network information element (RSNIE).
 3. A methodas claimed in claim 1, wherein the first operation comprises: processingthe response message including verifying the response message contents;deriving the PTK; sending a peer link confirm message protected usingthe PTK; receive a neighbor node peer link confirm message from theneighbor node; determining whether the message integrity code (MIC) andcontents of the neighbor node peer link confirm message are valid; andcontinuing to the installing PTK and GTK step when the message integritycode (MIC) and contents of the peer link confirm message are valid.
 4. Amethod as claimed in claim 1, wherein the second operation comprises:deriving the PTK when needed; determining whether the message integritycode (MIC) and contents of the peer link setup message are valid; andwhen the MIC and contents of the peer link set up message are valid:sending a peer link response message protected by the PTK; andcontinuing to the installing PTK and GTK step.
 5. A method as claimed inclaim 1, further comprising prior to the receiving step: waiting toreceive the response message from the neighbor node for a period oftime; and sending a peer link close message to close the link when noresponse message is received during the period of time.
 6. A method asclaimed in claim 3, wherein the processing step further comprises:performing an 802.1x role determination including: assigning a role ofan 802.1x authenticator and a role of an 802.1x supplicant to each ofthe mesh point and the neighbor node based on the presence of one ormore cached keys and a configuration of each of the mesh point and theneighbor node.
 7. A method as claimed in claim 6, wherein the assigninga role of an 802.1x authenticator and a role of an 802.1x supplicant tothe mesh points based on the presence of one or more cached keyscomprises: assigning the role of the 802.1x authenticator to theneighbor node when a local Pairwise Master Key identification (PMKID) isvalid and a peer key is not cached; and assigning the role of the 802.1xauthenticator to the mesh point when the local PMKID is not valid andthe peer key is cached.
 8. A method as claimed in claim 7 furthercomprising: determining that the local PMKID is valid by: examining aPMKID List received from the neighbor node in a peer link open message;and when the PMKID List contains two entries, and an entry correspondsto a PMK-MA that was created by the mesh point during Initial EMSAAuthentication, then the local PMKID is valid.
 9. A method as claimed inclaim 7, wherein the mesh point determines whether the cached peer keyexists by: examining a PMKID List received from the neighbor node in apeer link open message; and when the entry that corresponds to a MeshAuthenticator Pairwise Master Key (PMK-MA) that was created by theneighbor node during its initial efficient mesh security association(EMSA) authentication identifies a key that is locally cached at themesh point, then the cached peer key exists.
 10. A method as claimed inclaim 6, wherein the assigning a role of an 802.1x authenticator and arole of an 802.1x supplicant to the mesh points based on theconfiguration of each of the mesh points comprises: assigning the 802.1xauthenticator role to the mesh point when the neighbor node is notconnected to a mesh key distributor (MKD) and the mesh point isconnected to the MKD; assigning the 802.1x authenticator role to theneighbor node when the neighbor node is connected to the MKD and themesh point is not connected to the MKD; assigning the 802.1xauthenticator role to the mesh point when the neighbor node and the meshpoint are connected to the MKD and the local MAC is greater than theneighbor node MAC; and assigning the 802.1x authenticator role to theneighbor node when the neighbor node and the mesh point are connected tothe MKD and the local MAC is less than the neighbor node MAC.